// Copyright (C) 2021 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// This file contains module definitions for various contexts files.

package {
    // 'default_applicable_licenses' was added by a large-scale change. It
    // imports all of the 'license_kinds' declared by "system_sepolicy_license",
    // which yields:
    //   SPDX-license-identifier-Apache-2.0
    // See: http://go/android-license-faq
    default_applicable_licenses: ["system_sepolicy_license"],
}

// file_contexts modules, one per partition (platform, vendor, system_ext,
// product, odm). Each partition also has a ".recovery" twin that lists the
// same sources, sets `recovery: true`, and sets `stem` to the non-recovery
// module name.

// Platform. Extra sources are pulled in only under the matching condition:
// ASan labels (address_sanitize), overlayfs labels (debuggable), and APEX
// file contexts (flatten_apex).
file_contexts {
    name: "plat_file_contexts",
    srcs: [":file_contexts_files{.plat_private}"],

    flatten_apex: {
        srcs: [":apex_file_contexts_files"],
    },

    product_variables: {
        address_sanitize: {
            srcs: [":file_contexts_asan_files{.plat_private}"],
        },
        debuggable: {
            srcs: [":file_contexts_overlayfs_files{.plat_private}"],
        },
    },
}

// Recovery twin of plat_file_contexts; same conditional sources.
file_contexts {
    name: "plat_file_contexts.recovery",
    recovery: true,
    stem: "plat_file_contexts",
    srcs: [":file_contexts_files{.plat_private}"],

    flatten_apex: {
        srcs: [":apex_file_contexts_files"],
    },

    product_variables: {
        address_sanitize: {
            srcs: [":file_contexts_asan_files{.plat_private}"],
        },
        debuggable: {
            srcs: [":file_contexts_overlayfs_files{.plat_private}"],
        },
    },
}

// Vendor: the platform-provided vendor entries come first, then the vendor's own.
file_contexts {
    name: "vendor_file_contexts",
    soc_specific: true,
    srcs: [
        ":file_contexts_files{.plat_vendor_for_vendor}",
        ":file_contexts_files{.vendor}",
    ],
}

file_contexts {
    name: "vendor_file_contexts.recovery",
    recovery: true,
    stem: "vendor_file_contexts",
    srcs: [
        ":file_contexts_files{.plat_vendor_for_vendor}",
        ":file_contexts_files{.vendor}",
    ],
}

// system_ext
file_contexts {
    name: "system_ext_file_contexts",
    system_ext_specific: true,
    srcs: [":file_contexts_files{.system_ext_private}"],
}

file_contexts {
    name: "system_ext_file_contexts.recovery",
    recovery: true,
    stem: "system_ext_file_contexts",
    srcs: [":file_contexts_files{.system_ext_private}"],
}

// product
file_contexts {
    name: "product_file_contexts",
    product_specific: true,
    srcs: [":file_contexts_files{.product_private}"],
}

file_contexts {
    name: "product_file_contexts.recovery",
    recovery: true,
    stem: "product_file_contexts",
    srcs: [":file_contexts_files{.product_private}"],
}

// odm
file_contexts {
    name: "odm_file_contexts",
    device_specific: true,
    srcs: [":file_contexts_files{.odm}"],
}

file_contexts {
    name: "odm_file_contexts.recovery",
    recovery: true,
    stem: "odm_file_contexts",
    srcs: [":file_contexts_files{.odm}"],
}

// hwservice_contexts modules, one per partition. No recovery variants are
// declared for this family.
hwservice_contexts {
    name: "plat_hwservice_contexts",
    srcs: [":hwservice_contexts_files{.plat_private}"],
}

hwservice_contexts {
    name: "system_ext_hwservice_contexts",
    system_ext_specific: true,
    srcs: [":hwservice_contexts_files{.system_ext_private}"],
}

hwservice_contexts {
    name: "product_hwservice_contexts",
    product_specific: true,
    srcs: [":hwservice_contexts_files{.product_private}"],
}

// Vendor combines the platform-provided vendor entries, the vendor's own
// entries, and the "reqd_mask_for_vendor" entries, in that order.
hwservice_contexts {
    name: "vendor_hwservice_contexts",
    soc_specific: true,
    srcs: [
        ":hwservice_contexts_files{.plat_vendor_for_vendor}",
        ":hwservice_contexts_files{.vendor}",
        ":hwservice_contexts_files{.reqd_mask_for_vendor}",
    ],
}

hwservice_contexts {
    name: "odm_hwservice_contexts",
    device_specific: true,
    srcs: [":hwservice_contexts_files{.odm}"],
}

// property_contexts modules, one per partition. The platform file has an
// explicit ".recovery" twin; the other partitions set `recovery_available`
// on the single module instead.
property_contexts {
    name: "plat_property_contexts",
    srcs: [":property_contexts_files{.plat_private}"],
}

property_contexts {
    name: "plat_property_contexts.recovery",
    recovery: true,
    stem: "plat_property_contexts",
    srcs: [":property_contexts_files{.plat_private}"],
}

property_contexts {
    name: "system_ext_property_contexts",
    system_ext_specific: true,
    recovery_available: true,
    srcs: [":property_contexts_files{.system_ext_private}"],
}

property_contexts {
    name: "product_property_contexts",
    product_specific: true,
    recovery_available: true,
    srcs: [":property_contexts_files{.product_private}"],
}

// Vendor combines the platform-provided vendor entries, the vendor's own
// entries, and the "reqd_mask_for_vendor" entries, in that order.
property_contexts {
    name: "vendor_property_contexts",
    soc_specific: true,
    recovery_available: true,
    srcs: [
        ":property_contexts_files{.plat_vendor_for_vendor}",
        ":property_contexts_files{.vendor}",
        ":property_contexts_files{.reqd_mask_for_vendor}",
    ],
}

property_contexts {
    name: "odm_property_contexts",
    device_specific: true,
    recovery_available: true,
    srcs: [":property_contexts_files{.odm}"],
}

// service_contexts modules for platform, system_ext, product and vendor.
// No odm module is declared for this family in this file.
service_contexts {
    name: "plat_service_contexts",
    srcs: [":service_contexts_files{.plat_private}"],
}

service_contexts {
    name: "plat_service_contexts.recovery",
    recovery: true,
    stem: "plat_service_contexts",
    srcs: [":service_contexts_files{.plat_private}"],
}

service_contexts {
    name: "system_ext_service_contexts",
    system_ext_specific: true,
    recovery_available: true,
    srcs: [":service_contexts_files{.system_ext_private}"],
}

service_contexts {
    name: "product_service_contexts",
    product_specific: true,
    recovery_available: true,
    srcs: [":service_contexts_files{.product_private}"],
}

service_contexts {
    name: "vendor_service_contexts",
    soc_specific: true,
    recovery_available: true,
    srcs: [
        ":service_contexts_files{.plat_vendor_for_vendor}",
        ":service_contexts_files{.vendor}",
        ":service_contexts_files{.reqd_mask_for_vendor}",
    ],
}

// keystore2_key_contexts modules for platform, system_ext, product and vendor.
// NOTE(review): no *_test module in this file takes any of these modules as
// input, unlike the file/hwservice/property/service families. Confirm that
// they are validated elsewhere.
keystore2_key_contexts {
    name: "plat_keystore2_key_contexts",
    srcs: [":keystore2_key_contexts_files{.plat_private}"],
}

// NOTE(review): this module is system_ext_specific and reads the
// system_ext_private sources, but its name uses the "system_" prefix where
// every other family uses "system_ext_". Dependents reference the name, so
// confirm before renaming.
keystore2_key_contexts {
    name: "system_keystore2_key_contexts",
    system_ext_specific: true,
    srcs: [":keystore2_key_contexts_files{.system_ext_private}"],
}

keystore2_key_contexts {
    name: "product_keystore2_key_contexts",
    product_specific: true,
    srcs: [":keystore2_key_contexts_files{.product_private}"],
}

keystore2_key_contexts {
    name: "vendor_keystore2_key_contexts",
    soc_specific: true,
    srcs: [
        ":keystore2_key_contexts_files{.plat_vendor_for_vendor}",
        ":keystore2_key_contexts_files{.vendor}",
        ":keystore2_key_contexts_files{.reqd_mask_for_vendor}",
    ],
}

// seapp_contexts modules, one per partition. Every module is given the
// precompiled policy through `sepolicy`. Each non-platform module also lists
// `neverallow_files` taken from the partitions above it, so the layering is:
//   system_ext  <- platform
//   product     <- platform, system_ext
//   vendor, odm <- platform, system_ext, product (the "_for_vendor" sets)
// Dropping an entry from a neverallow_files list removes that layer's
// neverallow rules from the check, so treat changes to these lists as
// security-relevant.

// NOTE(review): the platform module lists no neverallow_files. Presumably
// neverallow lines inside its own srcs are still enforced; confirm against
// the module implementation.
seapp_contexts {
    name: "plat_seapp_contexts",
    sepolicy: ":precompiled_sepolicy",
    srcs: [":seapp_contexts_files{.plat_private}"],
}

seapp_contexts {
    name: "system_ext_seapp_contexts",
    system_ext_specific: true,
    sepolicy: ":precompiled_sepolicy",
    srcs: [":seapp_contexts_files{.system_ext_private}"],
    neverallow_files: [":seapp_contexts_files{.plat_private}"],
}

seapp_contexts {
    name: "product_seapp_contexts",
    product_specific: true,
    sepolicy: ":precompiled_sepolicy",
    srcs: [":seapp_contexts_files{.product_private}"],
    neverallow_files: [
        ":seapp_contexts_files{.plat_private}",
        ":seapp_contexts_files{.system_ext_private}",
    ],
}

seapp_contexts {
    name: "vendor_seapp_contexts",
    soc_specific: true,
    sepolicy: ":precompiled_sepolicy",
    srcs: [
        ":seapp_contexts_files{.plat_vendor_for_vendor}",
        ":seapp_contexts_files{.vendor}",
        ":seapp_contexts_files{.reqd_mask_for_vendor}",
    ],
    neverallow_files: [
        ":seapp_contexts_files{.plat_private_for_vendor}",
        ":seapp_contexts_files{.system_ext_private_for_vendor}",
        ":seapp_contexts_files{.product_private_for_vendor}",
    ],
}

seapp_contexts {
    name: "odm_seapp_contexts",
    device_specific: true,
    sepolicy: ":precompiled_sepolicy",
    srcs: [":seapp_contexts_files{.odm}"],
    neverallow_files: [
        ":seapp_contexts_files{.plat_private_for_vendor}",
        ":seapp_contexts_files{.system_ext_private_for_vendor}",
        ":seapp_contexts_files{.product_private_for_vendor}",
    ],
}

// vndservice_contexts: a single vendor-partition module built from the
// platform-provided vendor entries, the vendor's own entries, and the
// "reqd_mask_for_vendor" entries, in that order.
vndservice_contexts {
    name: "vndservice_contexts",
    soc_specific: true,
    srcs: [
        ":vndservice_contexts_files{.plat_vendor_for_vendor}",
        ":vndservice_contexts_files{.vendor}",
        ":vndservice_contexts_files{.reqd_mask_for_vendor}",
    ],
}

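// for CTS
// Collects every line that starts with "neverallow" (case-insensitive, without
// filename prefixes) from the platform, system_ext and product seapp_contexts
// sources into one output file.
genrule {
    name: "plat_seapp_neverallows",
    srcs: [
        ":seapp_contexts_files{.plat_private}",
        ":seapp_contexts_files{.system_ext_private}",
        ":seapp_contexts_files{.product_private}",
    ],
    out: ["plat_seapp_neverallows"],
    // grep exits 1 when no line matches, which is a valid (empty) result, and
    // 2 on a real error such as an unreadable input. Only the "no match" case
    // is tolerated, so a failed read breaks the build instead of silently
    // producing a short or empty rule list. "$$" is the genrule escape for a
    // literal "$".
    cmd: "grep -ihe '^neverallow' $(in) > $(out) || [ $$? -eq 1 ]",
}
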
//////////////////////////////////
// Host-side tests: each one runs against a built contexts file together with
// the precompiled sepolicy file.

// file_contexts: one test per partition, each taking only that partition's
// contexts module as input.
file_contexts_test {
    name: "plat_file_contexts_test",
    sepolicy: ":precompiled_sepolicy",
    srcs: [":plat_file_contexts"],
}

file_contexts_test {
    name: "system_ext_file_contexts_test",
    sepolicy: ":precompiled_sepolicy",
    srcs: [":system_ext_file_contexts"],
}

file_contexts_test {
    name: "product_file_contexts_test",
    sepolicy: ":precompiled_sepolicy",
    srcs: [":product_file_contexts"],
}

file_contexts_test {
    name: "vendor_file_contexts_test",
    sepolicy: ":precompiled_sepolicy",
    srcs: [":vendor_file_contexts"],
}

file_contexts_test {
    name: "odm_file_contexts_test",
    sepolicy: ":precompiled_sepolicy",
    srcs: [":odm_file_contexts"],
}

// hwservice_contexts: one test per partition, each taking only that
// partition's contexts module plus the precompiled policy.
hwservice_contexts_test {
    name: "plat_hwservice_contexts_test",
    sepolicy: ":precompiled_sepolicy",
    srcs: [":plat_hwservice_contexts"],
}

hwservice_contexts_test {
    name: "system_ext_hwservice_contexts_test",
    sepolicy: ":precompiled_sepolicy",
    srcs: [":system_ext_hwservice_contexts"],
}

hwservice_contexts_test {
    name: "product_hwservice_contexts_test",
    sepolicy: ":precompiled_sepolicy",
    srcs: [":product_hwservice_contexts"],
}

hwservice_contexts_test {
    name: "vendor_hwservice_contexts_test",
    sepolicy: ":precompiled_sepolicy",
    srcs: [":vendor_hwservice_contexts"],
}

hwservice_contexts_test {
    name: "odm_hwservice_contexts_test",
    sepolicy: ":precompiled_sepolicy",
    srcs: [":odm_hwservice_contexts"],
}

// property_contexts: unlike the other families, the inputs are cumulative.
// Each test lists its own partition's contexts after those of every
// partition before it (plat, system_ext, product, vendor, odm).
// NOTE(review): presumably this lets the test catch entries that conflict
// across partitions; confirm against the test implementation. The order of
// `srcs` is kept exactly as declared.
property_contexts_test {
    name: "plat_property_contexts_test",
    sepolicy: ":precompiled_sepolicy",
    srcs: [":plat_property_contexts"],
}

property_contexts_test {
    name: "system_ext_property_contexts_test",
    sepolicy: ":precompiled_sepolicy",
    srcs: [
        ":plat_property_contexts",
        ":system_ext_property_contexts",
    ],
}

property_contexts_test {
    name: "product_property_contexts_test",
    sepolicy: ":precompiled_sepolicy",
    srcs: [
        ":plat_property_contexts",
        ":system_ext_property_contexts",
        ":product_property_contexts",
    ],
}

property_contexts_test {
    name: "vendor_property_contexts_test",
    sepolicy: ":precompiled_sepolicy",
    srcs: [
        ":plat_property_contexts",
        ":system_ext_property_contexts",
        ":product_property_contexts",
        ":vendor_property_contexts",
    ],
}

property_contexts_test {
    name: "odm_property_contexts_test",
    sepolicy: ":precompiled_sepolicy",
    srcs: [
        ":plat_property_contexts",
        ":system_ext_property_contexts",
        ":product_property_contexts",
        ":vendor_property_contexts",
        ":odm_property_contexts",
    ],
}

// service_contexts: one test per declared service_contexts module (plat,
// system_ext, product, vendor), each run with the precompiled policy.
service_contexts_test {
    name: "plat_service_contexts_test",
    sepolicy: ":precompiled_sepolicy",
    srcs: [":plat_service_contexts"],
}

service_contexts_test {
    name: "system_ext_service_contexts_test",
    sepolicy: ":precompiled_sepolicy",
    srcs: [":system_ext_service_contexts"],
}

service_contexts_test {
    name: "product_service_contexts_test",
    sepolicy: ":precompiled_sepolicy",
    srcs: [":product_service_contexts"],
}

service_contexts_test {
    name: "vendor_service_contexts_test",
    sepolicy: ":precompiled_sepolicy",
    srcs: [":vendor_service_contexts"],
}

// vndservice_contexts: test for the single vendor module, run with the
// precompiled policy.
vndservice_contexts_test {
    name: "vndservice_contexts_test",
    sepolicy: ":precompiled_sepolicy",
    srcs: [":vndservice_contexts"],
}
